From 83eccf1aa88d45c1d3ca81303efd42bcd7e9043a Mon Sep 17 00:00:00 2001 From: Shan Chathusanda Jayathilaka Date: Tue, 1 Oct 2024 10:24:10 +0530 Subject: [PATCH] Improve DCR process in organization management --- .../pom.xml | 2 +- .../FragmentApplicationMgtListener.java | 35 ++++---- .../pom.xml | 10 ++- .../handler/SharedRoleMgtHandler.java | 12 ++- .../listener/SharedRoleMgtListener.java | 83 ++++++++++--------- pom.xml | 8 +- 6 files changed, 88 insertions(+), 62 deletions(-) diff --git a/components/org.wso2.carbon.identity.organization.management.application/pom.xml b/components/org.wso2.carbon.identity.organization.management.application/pom.xml index ab1b73c39..95cb92de4 100644 --- a/components/org.wso2.carbon.identity.organization.management.application/pom.xml +++ b/components/org.wso2.carbon.identity.organization.management.application/pom.xml @@ -22,7 +22,7 @@ org.wso2.carbon.identity.organization.management identity-organization-management - 1.4.48-SNAPSHOT + 1.4.47 ../../pom.xml diff --git a/components/org.wso2.carbon.identity.organization.management.application/src/main/java/org/wso2/carbon/identity/organization/management/application/listener/FragmentApplicationMgtListener.java b/components/org.wso2.carbon.identity.organization.management.application/src/main/java/org/wso2/carbon/identity/organization/management/application/listener/FragmentApplicationMgtListener.java index 23d081e3b..671d0a2ed 100644 --- a/components/org.wso2.carbon.identity.organization.management.application/src/main/java/org/wso2/carbon/identity/organization/management/application/listener/FragmentApplicationMgtListener.java +++ b/components/org.wso2.carbon.identity.organization.management.application/src/main/java/org/wso2/carbon/identity/organization/management/application/listener/FragmentApplicationMgtListener.java 
@@ -131,23 +131,26 @@ public boolean isEnable() { public boolean doPreCreateApplication(ServiceProvider serviceProvider, String tenantDomain, String userName) throws IdentityApplicationManagementException { - try { - String organizationId = getOrganizationManager().resolveOrganizationId(tenantDomain); - int organizationDepthInHierarchy = - getOrganizationManager().getOrganizationDepthInHierarchy(organizationId); - if (isSubOrganization(organizationDepthInHierarchy) && - !isSharedAppFromInternalProcess(serviceProvider, tenantDomain)) { - throw new IdentityApplicationManagementClientException( - ERROR_CODE_SUB_ORG_CANNOT_CREATE_APP.getCode(), - ERROR_CODE_SUB_ORG_CANNOT_CREATE_APP.getMessage()); - } - } catch (OrganizationManagementClientException e) { - if (LOG.isDebugEnabled()) { - LOG.debug("Organization not found for the tenant: " + tenantDomain); + if (StringUtils.isEmpty(PrivilegedCarbonContext.getThreadLocalCarbonContext() + .getApplicationResidentOrganizationId())) { + try { + String organizationId = getOrganizationManager().resolveOrganizationId(tenantDomain); + int organizationDepthInHierarchy = + getOrganizationManager().getOrganizationDepthInHierarchy(organizationId); + if (isSubOrganization(organizationDepthInHierarchy) && + !isSharedAppFromInternalProcess(serviceProvider, tenantDomain)) { + throw new IdentityApplicationManagementClientException( + ERROR_CODE_SUB_ORG_CANNOT_CREATE_APP.getCode(), + ERROR_CODE_SUB_ORG_CANNOT_CREATE_APP.getMessage()); + } + } catch (OrganizationManagementClientException e) { + if (LOG.isDebugEnabled()) { + LOG.debug("Organization not found for the tenant: " + tenantDomain); + } + } catch (OrganizationManagementException e) { + throw new IdentityApplicationManagementException( + "An error occurred while getting depth of the organization", e); } - } catch (OrganizationManagementException e) { - throw new IdentityApplicationManagementException( - "An error occurred while getting depth of the organization", e); } return true; } 
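Review bot: The sub-organization creation check in doPreCreateApplication is now skipped entirely whenever `PrivilegedCarbonContext.getThreadLocalCarbonContext().getApplicationResidentOrganizationId()` is non-empty, so the `ERROR_CODE_SUB_ORG_CANNOT_CREATE_APP` guard rests on a thread-local value whose origin is not visible in this hunk. If that value can be influenced by request input, or can survive on a pooled thread after an earlier request, a sub-organization caller would pass the restriction; please confirm it is set only by trusted server-side code and cleared when the request ends. A comment above the new `if` would record the intent, for example `// Resident-organization flows (presumably the DCR path named in the commit subject) may create applications in a sub-organization.` A unit test covering both the empty and the non-empty case would pin the behaviour.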
diff --git a/components/org.wso2.carbon.identity.organization.management.handler/pom.xml b/components/org.wso2.carbon.identity.organization.management.handler/pom.xml index 7c4ca1f80..df270dbc9 100644 --- a/components/org.wso2.carbon.identity.organization.management.handler/pom.xml +++ b/components/org.wso2.carbon.identity.organization.management.handler/pom.xml @@ -21,7 +21,7 @@ identity-organization-management org.wso2.carbon.identity.organization.management - 1.4.48-SNAPSHOT + 1.4.50 ../../pom.xml 4.0.0 @@ -187,6 +187,14 @@ + + org.apache.maven.plugins + maven-compiler-plugin + + 8 + 8 + + diff --git a/components/org.wso2.carbon.identity.organization.management.handler/src/main/java/org/wso2/carbon/identity/organization/management/handler/SharedRoleMgtHandler.java b/components/org.wso2.carbon.identity.organization.management.handler/src/main/java/org/wso2/carbon/identity/organization/management/handler/SharedRoleMgtHandler.java index 5bd4a6a9a..479efef5e 100644 --- a/components/org.wso2.carbon.identity.organization.management.handler/src/main/java/org/wso2/carbon/identity/organization/management/handler/SharedRoleMgtHandler.java +++ b/components/org.wso2.carbon.identity.organization.management.handler/src/main/java/org/wso2/carbon/identity/organization/management/handler/SharedRoleMgtHandler.java @@ -200,6 +200,7 @@ private void createSharedRolesOnNewRoleCreation(Map eventPropert int noOfSharedApps = sharedApplications.size(); for (int i = 0; i < noOfSharedApps; i++) { final int taskId = i; + String finalMainRoleName = mainRoleName; CompletableFuture.runAsync(() -> { try { String sharedApplicationId = sharedApplications.get(taskId).getSharedApplicationId(); 
@@ -215,7 +216,7 @@ private void createSharedRolesOnNewRoleCreation(Map eventPropert PrivilegedCarbonContext.getThreadLocalCarbonContext() .setUsername(associatedUserName); RoleBasicInfo sharedRoleInfo = - getRoleManagementServiceV2().addRole(mainRoleName, Collections.emptyList(), + getRoleManagementServiceV2().addRole(finalMainRoleName, Collections.emptyList(), Collections.emptyList(), Collections.emptyList(), RoleConstants.APPLICATION, sharedApplicationId, shareAppTenantDomain); @@ -232,7 +233,7 @@ private void createSharedRolesOnNewRoleCreation(Map eventPropert }, executorService).exceptionally(throwable -> { LOG.error(String.format( "Exception occurred during creating a shared role: %s in organization: %s", - mainRoleName, sharedApplications.get(taskId).getOrganizationId()), throwable); + finalMainRoleName, sharedApplications.get(taskId).getOrganizationId()), throwable); return null; }); } @@ -271,7 +272,12 @@ private void createSharedRolesOnNewRoleCreation(Map eventPropert for (BasicOrganization organization : applicationSharedOrganizations) { String shareAppTenantDomain = getOrganizationManager().resolveTenantDomain(organization.getId()); - RoleBasicInfo sharedRoleInfo = getRoleManagementServiceV2().addRole(mainRoleName, + String sharedOrgRoleName = mainRoleName; + if (getRoleManagementServiceV2().isExistingRoleName(mainRoleName, RoleConstants.ORGANIZATION, + organization.getId(), shareAppTenantDomain)) { + sharedOrgRoleName = mainRoleName + "_shared_to_" + shareAppTenantDomain; + } + RoleBasicInfo sharedRoleInfo = getRoleManagementServiceV2().addRole(sharedOrgRoleName, Collections.emptyList(), Collections.emptyList(), Collections.emptyList(), RoleConstants.ORGANIZATION, organization.getId(), 
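Review bot: The fallback name built in the `-271` hunk, `mainRoleName + "_shared_to_" + shareAppTenantDomain`, is passed to `addRole` without a second `isExistingRoleName` check, so a role that already carries the derived name in the target organization would still make the call fail, and the check-then-add sequence is not atomic. Because a shared role can now be named differently from its main role, any code that pairs shared roles with main roles by name (not visible in this hunk) should be confirmed against this change, since a wrong pairing affects which permissions sub-organization users receive. Consider moving `"_shared_to_"` into a named constant and adding a comment such as `// A role with this name already exists in the sub-organization; create the shared role under a distinct name instead of reusing it.` The enclosing method starts and ends outside the hunk.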
diff --git a/components/org.wso2.carbon.identity.organization.management.handler/src/main/java/org/wso2/carbon/identity/organization/management/handler/listener/SharedRoleMgtListener.java b/components/org.wso2.carbon.identity.organization.management.handler/src/main/java/org/wso2/carbon/identity/organization/management/handler/listener/SharedRoleMgtListener.java
index 5b852ef5d..271b0684e 100644
--- a/components/org.wso2.carbon.identity.organization.management.handler/src/main/java/org/wso2/carbon/identity/organization/management/handler/listener/SharedRoleMgtListener.java
+++ b/components/org.wso2.carbon.identity.organization.management.handler/src/main/java/org/wso2/carbon/identity/organization/management/handler/listener/SharedRoleMgtListener.java
@@ -467,45 +467,51 @@ private void handleAddedApplicationAudienceRolesOnAppUpdate(List addedAp public boolean doPreDeleteApplication(String applicationName, String tenantDomain, String userName) throws IdentityApplicationManagementException { - try { - // If the deleting application is an application of tenant(i.e primary org) nothing to do here. - if (!OrganizationManagementUtil.isOrganization(tenantDomain)) { - return true; - } +// if (StringUtils.isEmpty(PrivilegedCarbonContext.getThreadLocalCarbonContext() +// .getApplicationResidentOrganizationId())) { + try { + // If the deleting application is an application of tenant(i.e primary org) nothing to do here. + if (!OrganizationManagementUtil.isOrganization(tenantDomain)) { + return true; + } - ServiceProvider sharedApplication = getApplicationByName(applicationName, tenantDomain); - if (sharedApplication == null) { - return false; - } - String sharedAppId = sharedApplication.getApplicationResourceId(); - String sharedAppOrgId = organizationManager.resolveOrganizationId(tenantDomain); - // Resolve the main application details. - String mainAppId = orgApplicationManager.getMainApplicationIdForGivenSharedApp(sharedAppId, sharedAppOrgId); - if (mainAppId == null) { - return false; - } - int mainAppTenantId = applicationManagementService.getTenantIdByApp(mainAppId); - String mainAppTenantDomain = IdentityTenantUtil.getTenantDomain(mainAppTenantId); + ServiceProvider sharedApplication = getApplicationByName(applicationName, tenantDomain); + if (sharedApplication == null) { + return false; + } + String sharedAppId = sharedApplication.getApplicationResourceId(); + String sharedAppOrgId = organizationManager.resolveOrganizationId(tenantDomain); + // Resolve the main application details. 
+ String mainAppId = orgApplicationManager.getMainApplicationIdForGivenSharedApp(sharedAppId, + sharedAppOrgId); + if (mainAppId == null) { + return false; + } + int mainAppTenantId = applicationManagementService.getTenantIdByApp(mainAppId); + String mainAppTenantDomain = IdentityTenantUtil.getTenantDomain(mainAppTenantId); + + String allowedAudienceForRoleAssociationInMainApp = + applicationManagementService.getAllowedAudienceForRoleAssociation(mainAppId, + mainAppTenantDomain); + boolean hasAppAudiencedRoles = + RoleConstants.APPLICATION.equalsIgnoreCase(allowedAudienceForRoleAssociationInMainApp); + if (hasAppAudiencedRoles) { + // Handle role deletion in application deletion post actions. + return true; + } - String allowedAudienceForRoleAssociationInMainApp = - applicationManagementService.getAllowedAudienceForRoleAssociation(mainAppId, mainAppTenantDomain); - boolean hasAppAudiencedRoles = - RoleConstants.APPLICATION.equalsIgnoreCase(allowedAudienceForRoleAssociationInMainApp); - if (hasAppAudiencedRoles) { - // Handle role deletion in application deletion post actions. - return true; + // Handing organization audienced roles associated case. + List associatedRolesOfMainApplication = applicationManagementService + .getAssociatedRolesOfApplication(mainAppId, mainAppTenantDomain); + handleOrganizationAudiencedSharedRoleDeletion(associatedRolesOfMainApplication, mainAppId, + mainAppTenantDomain, sharedAppOrgId); + } catch (OrganizationManagementException | IdentityRoleManagementException e) { + throw new IdentityApplicationManagementException( + "Error while deleting organization roles associated to the app.", e); } - - // Handing organization audienced roles associated case. 
- List associatedRolesOfMainApplication = applicationManagementService - .getAssociatedRolesOfApplication(mainAppId, mainAppTenantDomain); - handleOrganizationAudiencedSharedRoleDeletion(associatedRolesOfMainApplication, mainAppId, - mainAppTenantDomain, sharedAppOrgId); - } catch (OrganizationManagementException | IdentityRoleManagementException e) { - throw new IdentityApplicationManagementException( - "Error while deleting organization roles associated to the app.", e); - } - return super.doPreDeleteApplication(applicationName, tenantDomain, userName); + return super.doPreDeleteApplication(applicationName, tenantDomain, userName); +// } +// return true; } private void handleOrganizationAudiencedSharedRoleDeletion(List rolesList, String mainApplicationId, @@ -584,7 +590,10 @@ public boolean doPostGetAllowedAudienceForRoleAssociation(AssociatedRolesConfig throws IdentityApplicationManagementException { try { - if (!OrganizationManagementUtil.isOrganization(tenantDomain)) { + if (!OrganizationManagementUtil.isOrganization(tenantDomain) +// || StringUtils.isNotEmpty(PrivilegedCarbonContext.getThreadLocalCarbonContext() +// .getApplicationResidentOrganizationId()) + ) { return true; } // Resolve the allowed audience for associated roles of shared application from main application details. diff --git a/pom.xml b/pom.xml index a463b67a0..057ccd12a 100644 --- a/pom.xml +++ b/pom.xml @@ -25,7 +25,7 @@ org.wso2.carbon.identity.organization.management identity-organization-management - 1.4.48-SNAPSHOT + 1.4.50 4.0.0 pom WSO2 Carbon - Organization Management @@ -482,9 +482,9 @@ - 4.9.17 + 4.10.22 [4.7.0, 5.0.0) - 4.6.0 + 4.10.0 [4.7.0, 5.0.0) @@ -525,7 +525,7 @@ [4.7.0,5.0.0) - 7.3.3 + 7.5.26 [5.20.0, 8.0.0)
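Review bot: doPreDeleteApplication and doPostGetAllowedAudienceForRoleAssociation (the `-584` hunk) both carry a commented-out `getApplicationResidentOrganizationId()` condition, which leaves it unclear whether the resident-organization bypass this commit adds to doPreCreateApplication is meant to apply to deletion and audience resolution as well. A commented-out authorization condition is easy to re-enable without review; either delete the comments or apply the condition and cover it with a test. Apart from those comments, the `-467` hunk appears only to re-indent and re-wrap the existing try block, so removing the comments and the extra indent level would reduce it to no change.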
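Review bot: The parent version is set to `1.4.47` in the application module's pom.xml but to `1.4.50` in the handler module and in this root pom, so the application module no longer matches the `../../pom.xml` it points at; with a mismatched relative parent Maven resolves the parent from a repository instead of the working tree. Replacing `1.4.48-SNAPSHOT` with differing release versions, together with the `maven-compiler-plugin` block added to the handler pom, looks like local build state rather than an intended change; please confirm and restore one consistent version. The dependency bumps in this file (`4.9.17` to `4.10.22`, `4.6.0` to `4.10.0`, `7.3.3` to `7.5.26`) are not mentioned in the commit message and deserve a line there.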